ISO 27001 certification
Reliable information security with ISO 27001
Outdated technology, misuse of IT and malware infections can all lead to cybercrime, IT failures, espionage and data misuse. How should you implement a strong information security strategy? ISO 27001 certification gives you this opportunity, letting you protect confidential information in your organization. DEKRA is happy to test your organization against the international ISO/IEC 27001 standard.
The ISO 27001 certificate is for every organization wanting to demonstrate that it handles confidential information securely, with integrity and reliability. An ISO 27001 certification lets you meet the expectations of clients and stakeholders. Do you operate in accordance with this standard?
That means you are taking account of all the relevant information security risks. You are implementing technical and organizational measures to manage confidential data securely. Efficient and reliable cooperation between technical solutions and organizational processes is necessary. Only then will you achieve the level of security that meets the requirements of modern standards.
The certification process
The ISO 27001 certification process also includes a preparatory phase, which occurs before the actual audit.
The phase has nine steps:
1. Determine the scope of your information security management system (ISMS).
2. Determine the information security objectives.
3. Develop a methodology for risk assessment and risk treatment.
4. Establish a statement of applicability (SoA).
5. Draw up a risk management plan and risk assessment report.
6. Establish security roles and responsibilities.
7. Draw up a resource list for technical measures.
8. Ensure acceptable use of resources.
9. Establish guidelines, for example for access control in accordance with Annex A of ISO 27001.
Our method
The ISO 27001 audit comprises two phases. In the first, DEKRA checks the ISMS documentation and determines whether your organization is ready for phase 2 of the certification. In the second phase we assess the effectiveness of the ISMS. Our auditors record the findings of the audit in a report. If the results are positive, you will receive the ISO 27001 certificate for a period of up to three years. We conduct a first follow-up audit within a year of the certification audit and the second follow-up audit the year after that. After three years recertification follows, again with annual follow-up audits.
DEKRA’s expertise
- Our experts have many years of experience in information security and certification of management systems.
- We audit with recognition of the people in your organization. We call this People-Based Auditing.
- DEKRA certification is recognized worldwide.
- With us you can also combine the ISO 27001 standard with others, e.g., with NEN 7510, ISO 20000-1 or ISO 9000. This lets us carry out audits efficiently, saving you time and money.
People Based Auditing (PBA)
In our audit process we always pay attention to the human factor: the people in your organization determine how the processes, systems and working methods are implemented. We call our working method People Based Auditing. It is a standard added value of our ISO and HKZ Zorg en Welzijn certifications.
New version ISO/IEC 27001:2022
A new version of ISO 27001 was released on 25 October 2022: ISO/IEC 27001:2022. The new version has several modifications:
- Chapters 4 to 10 are structured according to the Harmonized Structure.
- Annex A of the standard is divided into 4 chapters (according to ISO/IEC 27002:2022):
  - A. organizational measures
  - B. personnel measures
  - C. physical measures
  - D. technological measures
- Several measures have been combined.
- 11 new measures have been added.
Your organization can already operate in accordance with the new ISO 27001. For (re)certifications, DEKRA tests for compliance with ISO/IEC 27001:2022. Your current ISO/IEC 27001:2013 certificate remains valid until the date stated on the certificate, but no longer than 31 October 2025. From 1 April 2024, DEKRA will only certify against ISO/IEC 27001:2022.
Q&A: ISO 27001 in brief
What is ISO 27001?
ISO 27001 is an international standard for protecting privacy-sensitive information. It shows that your organization handles data and information securely.
- Mar 08, 2023 (Audit): ISO 27001 and NEN 7510 are familiar standards that set rules and guidelines for handling confidential information. Find out more about the differences here.
- Jan 04, 2023 (Audit): Would you like to have your management system certified to show that you are handling information responsibly? You first need to map out a few things if you are to secure all that information properly.
- Dec 01, 2022 (Audit): As a business owner, it is a necessity to properly protect all the information present in your company. An ISO 27001 certificate shows that your information security policy is in order.